PS4-5.05-Kernel-Exploit: A fully implemented kernel exploit for the PS4 (github.com/cryptogenic)
181 points by axiomdata316 on May 28, 2018 | hide | past | favorite | 49 comments



This is awesome, it reminds me of the security course I took in school where we had to smash stacks and hunt for various buffer overflow exploits. It was one of my favorite classes, but also one of the most difficult!

To me this is one of the most impressive fields of CS/Software Engineering because of the skill required to understand and exploit full systems. Even though I'm a software dev, reading this makes me feel very humbled and shows how little I actually know.

Thanks for the read!

This is based on the link below, which was posted in another comment. Much more informative than the GitHub repo imo. http://crack.bargains/02r0.pdf


If you find that kind of thing fun, there are a bunch of free online CTF-style "wargames" that involve exploiting software with intentionally added bugs in a sandbox. Not nearly as difficult and impressive as this kind of real in-the-wild exploit, but definitely fun.

http://overthewire.org/wargames/

https://www.wechall.net/about_wechall


This type of stuff is also what makes me sad for not doing CS in college, because it requires a lot of work to learn in my free time, yet it's super interesting.


I can guarantee you that most people who went through CS in college never had a course like that.


> http://crack.bargains/505k/

Sigh, of course qwertyoruiopz would choose a site like that…


Probably goes without saying ... but don’t visit this in your actual browser if you like using the back button.


This annotated JavaScript describes the approach:

https://github.com/kpwn/PS4-5.05-Kernel-Exploit/blob/9e97c39...


If you want to have a good laugh without owning and exploiting your PS4…

https://github.com/Cryptogenic/PS4-5.05-Kernel-Exploit/blob/...


This is the first time I've seen a low-level exploit implementation written in JS. Is the exploit done through the PS4's web browser? Quite interesting.


Yeah, it's pretty common on these platforms since it's a way to run code on an otherwise locked down device.

A lot of console (and iPhone) exploits tend to share similar WebKit exploit code. This PS4 exploit uses a ROP strategy from an earlier iOS exploit.

This is a pretty good overview (though from 2016) of the techniques used in the browser based exploits:

http://phrack.org/papers/attacking_javascript_engines.html


Original iPhone cracks (for third party apps, before Apple allowed them) used a website with a TIF image (TIFs have some executable code).

This one loops history.pushState() to trigger the leak, direct link to the line:

https://github.com/Cryptogenic/PS4-5.05-Kernel-Exploit/blob/...


JailbreakMe actually continued to work until iOS 4.3.3, though of course the exploit used needed to be continually updated as Apple patched iOS: https://en.wikipedia.org/wiki/JailbreakMe


It seems nobody can properly sandbox webkit...


Part of the problem is that these devices tend to have custom operating systems and custom builds of WebKit, both outdated or forked from outdated code. As a result they haven't benefited from the full set of security audits and improvements you get if you're running Safari on an iPhone, or Chrome on Windows. A couple of PS4 attacks rely on the fact that the PS4 sandbox allows access to BPF from the content process, for example; that's an odd choice and I doubt it's one you'd see in the sandbox of a consumer web browser like Chrome or Safari on a desktop PC. It's a Sony oversight.


- fork OSS project

- add your proprietary locked down bullshit on top

- make sure you don't have manpower / time to reintegrate patches into your fork

- profit.....?


Does the threat model require anything more? I haven't really been exposed to consoles since I was a kid, but I don't get the impression that end users do anything terribly sensitive on them. I thought that whatever security existed was mainly intended to combat piracy. If the majority of the risk falls on Sony, I don't really care how well they secure the device.


An attacker might potentially be able to get at your card details, since you need to enter them in order to buy stuff on the PS Store.

Also, the PS4 has social media integration, so it might be possible to access your accounts somehow.

(I'm not saying that an attacker definitely can do this; I'm merely pointing out that there are potentially some bits of private information on the PS4.)


What's BPF? Quick googling and I couldn't find info on it.



Thanks. I guess there's some level of localisation or personalisation to the results:

BPF Home | British Property Federation (BPF), British Plastics Federation, British Psychotherapy Foundation

Then the Berkeley Packet Filter.


Is there an explanation of what this is exploiting?


It's a double free in bpf.

Here's some slides from the author (from last week) with a more in depth explanation:

http://crack.bargains/02r0.pdf


Thanks, that was a really epic read (and pretty close to line noise for me as a security-agnostic person).

I even had to look up "bpf": it's the FreeBSD packet filtering[1] interface, a character special device used to control the kernel's network filtering.

[1] https://www.freebsd.org/cgi/man.cgi?bpf(4)


> I even had to look up "bpf", it's the FreeBSD packet filtering[1] interface

Nah, it's the Berkeley Packet Filter interface. It predates FreeBSD; just check out the HISTORY section of the manual page you linked. FreeBSD's first release was in 1993; BPF was implemented in 1990, with roots going back to 1980 (enet).

https://svnweb.freebsd.org/csrg?view=revision&revision=47584

https://svnweb.freebsd.org/csrg?view=revision&revision=47585

(Note that the /csrg repo in FreeBSD's SVN is history of the original BSD project, pre-FreeBSD itself.)

As other commenters have noted, Linux has adopted it as well. They've added a bunch of extensions in "eBPF," or extended BPF.
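To make concrete what the two comments above mean by a "BPF program", here is an added illustration that is not code from the exploit repository, the slides or the kernel: a minimal interpreter for classic BPF filter bytecode. The 8-byte instruction layout and the four opcode values (0x28 ldh, 0x30 ldb, 0x15 jeq, 0x06 ret) are the classic BPF encoding from BSD's net/bpf.h, which Linux reuses as struct sock_filter; the filter program is the one `tcpdump -d 'ip and tcp'` compiles to, and the sample frames are constructed here. The interpreter itself is a toy; it only shows why a kernel running user-supplied filters has to bounds-check every load, and why the ioctl path that installs and replaces those filters (where the thread places the PS4 double free) is attack surface. It does not reproduce the bug.

```c
/* Added example: a minimal classic-BPF interpreter. Not from the PS4 exploit
 * or any kernel; written to show what a "BPF program" is. Instruction layout
 * and opcode values follow classic BPF (BSD net/bpf.h, Linux sock_filter). */
#include <stdint.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

struct bpf_insn {            /* same 8-byte layout as struct sock_filter */
    uint16_t code;
    uint8_t  jt;             /* jump offset if the test is true         */
    uint8_t  jf;             /* jump offset if the test is false        */
    uint32_t k;              /* immediate / packet offset               */
};

/* Opcode encodings (class | size | mode) from the classic BPF spec. */
#define LDH_ABS 0x28         /* A = big-endian u16 at pkt[k]            */
#define LDB_ABS 0x30         /* A = pkt[k]                              */
#define JEQ_K   0x15         /* pc += (A == k) ? jt : jf                */
#define RET_K   0x06         /* return k                                */

/* Run a filter over one packet. Returns the number of bytes to accept
 * (0 = drop). A load outside the packet terminates with 0 instead of
 * reading past the buffer, which is how the kernel treats it; an unknown
 * opcode or falling off the end of the program is also a drop. */
uint32_t bpf_run(const struct bpf_insn *prog, size_t len,
                 const uint8_t *pkt, size_t pktlen)
{
    uint32_t A = 0;                          /* the accumulator */
    for (size_t pc = 0; pc < len; pc++) {
        const struct bpf_insn *in = &prog[pc];
        switch (in->code) {
        case LDH_ABS:
            /* second test catches k + 2 wrapping around */
            if (in->k + 2u > pktlen || in->k + 2u < in->k) return 0;
            A = ((uint32_t)pkt[in->k] << 8) | pkt[in->k + 1];
            break;
        case LDB_ABS:
            if (in->k >= pktlen) return 0;
            A = pkt[in->k];
            break;
        case JEQ_K:
            /* offsets are relative to the next instruction; pc++ adds 1 */
            pc += (A == in->k) ? in->jt : in->jf;
            break;
        case RET_K:
            return in->k;
        default:
            return 0;
        }
    }
    return 0;
}

/* The program tcpdump -d 'ip and tcp' produces: accept Ethernet frames
 * whose ethertype is IPv4 and whose IP protocol byte is TCP. */
static const struct bpf_insn ip_and_tcp[] = {
    { LDH_ABS, 0, 0, 12     },   /* A = ethertype                   */
    { JEQ_K,   0, 3, 0x0800 },   /* not IPv4  -> insn 5 (drop)      */
    { LDB_ABS, 0, 0, 23     },   /* A = IPv4 protocol (14 + 9)      */
    { JEQ_K,   0, 1, 6      },   /* not TCP   -> insn 5 (drop)      */
    { RET_K,   0, 0, 262144 },   /* accept, up to the snaplen       */
    { RET_K,   0, 0, 0      },   /* drop                            */
};

/* Constructed sample frame: 14-byte Ethernet header + 20-byte IPv4 header,
 * zero except for the two fields the filter looks at. */
static size_t make_frame(uint8_t *buf, uint16_t ethertype, uint8_t proto)
{
    memset(buf, 0, 34);
    buf[12] = (uint8_t)(ethertype >> 8);
    buf[13] = (uint8_t)(ethertype & 0xff);
    buf[14] = 0x45;                          /* IPv4, IHL = 5 */
    buf[23] = proto;
    return 34;
}

/* Build a frame, optionally truncate it, and run it through the filter. */
uint32_t classify(uint16_t ethertype, uint8_t proto, size_t truncate_to)
{
    uint8_t frame[34];
    size_t n = make_frame(frame, ethertype, proto);
    if (truncate_to < n) n = truncate_to;
    return bpf_run(ip_and_tcp, sizeof ip_and_tcp / sizeof ip_and_tcp[0],
                   frame, n);
}

int main(void)
{
    printf("IPv4/TCP  : %u\n", classify(0x0800, 6,  34));  /* accepted */
    printf("IPv4/UDP  : %u\n", classify(0x0800, 17, 34));  /* dropped  */
    printf("IPv6/TCP  : %u\n", classify(0x86dd, 6,  34));  /* dropped  */
    printf("truncated : %u\n", classify(0x0800, 6,  20));  /* dropped  */
    return 0;
}
```

The truncated case is the one worth noticing: the filter asks for byte 23 of a 20-byte packet, and the interpreter answers "drop" rather than reading beyond the buffer. A real kernel has to make that same guarantee for every load in every program a process installs, plus keep the program's memory consistent while another thread replaces it through the same ioctl interface, and the thread above describes a double free in exactly that code as the PS4 bug.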


BPF in Linux has been expanded to let you run pieces of user-supplied code in the kernel. It's moved a bit away from the original definition of raw packet filtering.


That's eBPF ("extended"). Unfortunately, "BPF" is commonly used to refer to both.


These also exist in the Linux kernel (bpf/ebpf)


And of course also caused problems there. Check Project Zero advisories (iirc found by jhorn).


Much more interesting than the raw code. I'd replace the link if I were a mod.


There's a full explanation for the previously vulnerable FW 4.55, but the defect is the same (IIRC), as Sony properly fixed the race condition only with FW 5.50.

https://github.com/Cryptogenic/Exploit-Writeups/blob/master/...



I wish I were smart enough to even implement half of what I just read, and I am a senior getting my BA in computer information systems with my focus being networking and security :(


PS4 is such an amazing device, I wish I could do more with it!


FYI: Xbox One developer mode has opened up to give UWP apps pretty much all of the resources of the device.

https://blogs.windows.com/buildingapps/2017/09/15/resources-...


Also its price hasn't increased compared to graphics cards (due to cryptocurrency hype).


I would be rather surprised if the prices of graphics cards offering similar performance as the PS4 had been significantly affected by cryptocurrency mining.


It isn't the graphics that impress me, so much, as the fact that my PS4 can actually send real 5.1 audio out to my home theater setup. It boggles my mind with how difficult that seems to be on my gaming PC.

Sure, my PC can sling a zillion triangles per second, but it can't make one stompy robot dinosaur shake my living room the way the PS4 can.


Does your PC not have digital optical audio out? Also any GPU made in the last 10 years should be able to do 7.1 over HDMI. If you have an Nvidia card make sure to install the "HD Audio" component when you install the driver.


To be fair, the original XBox could do that via an optical audio port.


Any PC can do even better, by sending multichannel PCM over HDMI


Inflating the prices for the high-end also affects the price development of the mid to low end, because those don't exist in isolation from each other.


Unless you’re a multinational conglomerate with a contract to buy a huge amount at a particular price.


Unrelated, but does anybody know the current status of GNU/Linux on the PS4?

I am looking for some little box to replace my aging home server and the PS4 looks powerful but small enough for the job.


You can probably buy a better machine for that use case [1], unless you really want a built in Blu-ray drive or lots of memory bandwidth.

[1]: https://www.pcengines.ch/apu3a4.htm


That machine, while great (PC Engines, their best offer, Coreboot, good value for money), is designed to be a DIY router for running e.g. OPNSense.

You're probably better off with a NUC such as a Zotac or a Chinese knock-off (example [1]). Why? Because it has more horsepower and native hardware extensions for virtualization, so it can run VMs more efficiently.

[1] https://www.gearbest.com/mini-pc/pp_1698829.html?wid=1433363


Yes, a NUC, a miniITX PC, a commercial NAS, etc. would work. There are a lot of good options in this space.

I would note that the apu2 is more or less half of a PS4, ignoring the GPU (which probably wouldn't work that well anyway?).

    PS4              | apu2c4
    8x 1.6GHz Jaguar | 4x 1.0 GHz Jaguar
    8GB GDDR5        | 4GB DDR3-1333
    SATA, USB 3.0    | mSATA, SATA, USB 2.0/3.0, SD
    1G Ethernet      | 3x 1G Ethernet
    BT 2.1, WiFi N   | N/A
    HDMI, SPDIF      | N/A


IIRC audio over HDMI doesn't work yet (but the audio jack on the joypad works), and recently they added support for the HDMI video encoder chip of the slim and latest fat models.

The biggest drawback is the lack of persistence, especially if you want to use it as a server: you execute the exploit from the browser and load a Linux distribution from an external USB disk (not a real problem in itself, as the internal SATA HD is also connected to the USB southbridge ^__^;)

There are some videos on YouTube that show working 3D HW acceleration, though.


I wouldn't say it's entirely unrelated, my first thought when I saw the headline was "does this mean we can run unrestricted GNU/Linux on PS4 now?" ;p


I am so excited to test this. Praise the devs

